A Manhattan Tech Support Guide to FINRA Compliance
FINRA can be a major stumbling block for some financial firms, but having a trusted expert on your side provides a dependable path to compliance and confidence.
The Financial Industry Regulatory Authority (FINRA) is an independent, nongovernmental organization that writes and enforces rules that govern the securities industry. The three primary goals of FINRA are:
- Foster transparency in the financial services marketplace
- Enforce high ethical standards
- Safeguard investors from malfeasance
For over 20 years, Manhattan Tech Support and its dedicated security division, Kaytuso, have been helping financial firms gain visibility into their FINRA exposure and navigate the difficult road to FINRA compliance.
Over 100 billion financial transactions are processed by FINRA every day.[1]
A Brief History of FINRA
The history of FINRA extends almost 100 years back to the very earliest forms of financial regulation in the United States.
- 1929 – The Wall St. Crash of 1929 leads to the creation of the Securities Exchange Act of 1934 and the Maloney Act.
- 1939 – The National Association of Securities Dealers (NASD) is created to better implement those two acts, as well as other securities oversight provisions.
- 1971 – NASD launches a computerized stock trading system called the National Association of Securities Dealers Automated Quotations (NASDAQ).
- 2007 – Parts of NASDAQ and the New York Stock Exchange (NYSE) combined to create FINRA, streamlining the regulatory process and compliance standards.
- 2019 – With headquarters in both Washington, D.C. and New York City — in addition to 20 regional offices throughout the country — FINRA now has approximately 3,000 employees.
What Does FINRA Compliance Require?
At the highest level, FINRA technical requirements are focused on a few main objectives, each of which the Manhattan Tech Support team can help you achieve.
- The implementation of risk management architecture
- The protection of personal customer information
- The deployment of supervisory controls
Each of these objectives is outlined in detail through FINRA’s many rules and guidelines, which include:
- FINRA Rule 3110
Standards for supervisory practices and documentation, branch office supervision, and human resource needs.
- FINRA Rule 4530(b)
Requirements for the reporting of financial irregularities and violations, including security self-assessments.
- 17 CFR §248.201-202
Policies and procedures to protect customer information from cyber-attacks.
- 17 CFR §248.1-100
Explains the firm’s responsibility in the detection and prevention of identity theft.
Strict Controls for Data Archiving
Another important part of FINRA compliance is data archiving. SEC Rules 17a-3 and 17a-4 and FINRA Rule 4511 outline requirements for the archiving of communications, including email, text messages, team messages, and more.
Some of the specific rules include:
- Archiving of records in non-rewritable, non-erasable formats
- Requirements for retention length, record format, record quality, and record availability
- Availability of archives for at least seven years
The Role of Cloud Computing in the Financial Services Industry
In 2019, FINRA announced a new set of standards to improve cloud security at financial firms. The new regulation will require that every firm have a plan to govern cloud applications and services with the same rigor with which it manages traditional on-premises solutions.
Manhattan Tech Support guides financial firms through the FINRA cloud vendor management process:
- Onboard
Establish a relevant set of controls based on a careful evaluation of cloud vendor service level agreements (SLAs).
- Operation
Ensure strong FINRA collaboration throughout the vendor lifecycle, including security event notification, audits, testing, and more.
- Termination
Proper removal and destruction of protected data once your relationship with a cloud vendor has ended.
The NIST Cybersecurity Framework — An Indispensable Tool for Strong FINRA Compliance
FINRA’s regulations, especially those designed for small and midsized firms, are greatly informed by the National Institute of Standards and Technology (NIST) Cybersecurity and Risk Management Frameworks, federal resources originally designed to help protect national infrastructure from cyber threats.
The NIST Cybersecurity Framework is a comprehensive system for managing cybersecurity risk. It outlines five distinct phases for effective risk management.
- Identify
Find the vulnerabilities of your physical and digital assets
- Protect
Control access to those assets with appropriate safeguards
- Detect
Maximize visibility over your network and identify threats quickly
- Respond
Contain cybersecurity events with a response plan
- Recover
Restore damaged services with a clearly defined action plan and set of tools
The Manhattan Tech Support team has been using the NIST framework for over 20 years to improve cybersecurity at firms in the financial services sector. If you’d like to learn more about how we use the NIST framework, check out our blogs and infographics.
The High Cost of FINRA Non-Compliance
FINRA compliance isn’t a hurdle that securities firms should take lightly. Compliance violations often come with stiff penalties, which can do irreparable damage to a small or midsized firm.
In 2016, FINRA distributed a record-setting $173.8 million in fines.[i]
In 2018, FINRA initiated 921 disciplinary actions, levied fines totaling $61 million, and ordered restitution of $25.5 million to investors.[ii] It also suspended 472 brokers.[iii]
While the total number of fines experienced a brief lull last year, FINRA regulators have indicated those numbers will likely climb again as they adopt new technologies, like artificial intelligence (AI), to detect compliance issues with greater efficiency.[iv]
Manhattan Tech Support Makes FINRA Compliance Easy
Don’t let FINRA compliance become a liability for your business. The experts at Manhattan Tech Support have been providing the financial services industry with comprehensive FINRA compliance solutions for two decades, and we’re eager to help more firms discover the deep sense of confidence and preparedness our FINRA service provides.
Do you have a question for our FINRA experts? Contact us anytime at [sales-phone] or [email-address]
[1] https://www.finra.org/newsroom/2019/market-volatility-drives-finras-volume-new-record-2018
[2] https://www.nist.gov/cyberframework
[ii] https://www.investopedia.com/terms/f/finra.asp
[iii] https://www.finra.org/sites/default/files/2018_Annual_Financial_Report.pdf
[iv] https://www.wealthmanagement.com/regulation-compliance/why-decline-fines-doesn-t-mean-relaxed-enforcement